Cybersecurity firm Intrusion to settle SEC fraud claims
Texas-based cybersecurity company Intrusion was charged with fraud by the Securities and Exchange Commission regarding alleged materially false and misleading statements made by its former chief executive.
California cybersecurity audit rule scope begins taking shape at CPPA meeting
A final version of California’s cybersecurity audit rules likely won’t be released until later next year at the earliest, according to a rough timeline discussed by the California Privacy Protection Agency.
Paying ransom to avoid GDPR fine an unwise gambit
Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.
Verizon unit to pay $4.1M in cybersecurity false claims case
Verizon Business Network Services agreed to pay approximately $4.1 million to settle allegations levied by the Department of Justice regarding false claims caused by failure to fully implement cybersecurity controls required of a government contractor.
Preparing for SEC cybersecurity rules an opportunity for collaboration
Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.
Cyber expert: Reach for data security to achieve compliance
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
CPE Webcast: Five deliverables every cybersecurity team needs to survive, thrive and comply with the new SEC Cybersecurity Rule
In today’s fast-paced business world, firms must adapt to the ever-changing mobile compliance and technology landscape to stay competitive.
N.Y. cyber strategy puts pressure on banks, energy sector
New York will closely monitor the cybersecurity protections in place at institutions in the financial and energy sectors as part of its first statewide cybersecurity strategy.
Oct 24 | Unprepared for SEC cyber disclosures? You can get through this
Learn what cybersecurity strategy, governance, and risk management are and how to use an emerging definition for reasonable cybersecurity controls to help you define materiality.
Covington mulling appeal of ruling in SEC breached client case
Covington & Burling is leaving open the possibility of appealing a recent federal court order requiring the law firm to provide the names of hacked clients to the Securities and Exchange Commission.
Fed report highlights emerging cyber threats, including generative AI
The Federal Reserve listed the proliferation of generative artificial intelligence tools among areas of emerging cybersecurity threats for banks to monitor as part of its annual resilience report.
Risks, opportunities under SEC’s cyber incident disclosure rule
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.
Senator pushes for probe into Microsoft’s ‘negligent cybersecurity practices’
Sen. Ron Wyden (D-Ore.) is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played a part in a Chinese hacking campaign that targeted U.S. government email addresses.
SEC adopts rule requiring cyber incident disclosures within four days
The Securities and Exchange Commission finalized its controversial rule requiring public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days.
IBM report: Data breach costs at all-time high; AI helping detection
The global average cost of a data breach reached a new all-time high of $4.45 million in 2023, according to IBM’s annual report.
Tech giants, White House agree to AI risk management guidelines
Technology companies including Google, Meta, and OpenAI agreed to a series of voluntary commitments they’ll make regarding their management of risks when developing artificial intelligence systems.
Biden cyber strategy plan calls for big businesses to step up
The “biggest, most capable, and best-positioned” businesses must assume a greater share of mitigating cyber risks, the White House said in announcing the National Cybersecurity Strategy Implementation Plan.
Survey: Investment adviser compliance ramps up testing on advertising, marketing
The most popular mock exams conducted by compliance professionals at investment adviser firms this year have been on the Securities and Exchange Commission’s advertising/marketing rule, according to a new poll.
Experts: Ways to stay ahead of generative AI risks
Not all companies can rely on bans or restrictions on employee use of generative artificial intelligence like ChatGPT. Instead of telling people what they can’t do, focus on what they can do.
CFTC assembles task forces to combat cyber and tech issues, ESG fraud
The Enforcement Division of the Commodity Futures Trading Commission announced it established two new task forces to combat cyberattacks and misuse of technology and environmental fraud.
Growing list of MOVEit hack victims shows damage control difficulties
More than 130 organizations are believed to have been impacted by the MOVEit hack, with millions of people’s data at risk. Experts opine on the struggles businesses face in containing exposure.
SEC’s Grewal spotlights enforcement focus on cyber disclosures
The No. 1 priority at the Securities and Exchange Commission after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to Enforcement Division Director Gurbir Grewal.
APRA pressures Medibank on cyber enhancements post-breach
The Australian Prudential and Regulation Authority will require Medibank Private to hold 250 million Australian dollars (U.S. $166 million) in extra capital until the insurer remediates identified cybersecurity weaknesses after a significant data breach.
MOVEit ransomware attack shows sophistication of cybercriminals
In an era marked by an increase in digital threats, it’s vital to understand how sophisticated cybercriminal syndicates like Clop can impact the financial sector.
NAVEX report: Driven by cyber threats, infosec compliance top of mind
Compliance teams are taking more responsibility for issues related to information security and data privacy, motivated by increasing threats posed by data breaches and cyber intrusions, according to a new survey from NAVEX.
CFTC commissioner crafting potential proposed rule on cyber resiliency
The Commodity Futures Trading Commission’s Technology Advisory Committee sponsored by Commissioner Christy Goldsmith Romero is crafting potential rulemaking to establish cyber resiliency baselines among swap dealers and futures commission merchants.
FCC forms consumer data privacy task force
The Federal Communications Commission announced the launch of a new task force to coordinate privacy and data protection efforts at the agency, which oversees a telecommunications industry often targeted by cybercriminals.
Shades of SolarWinds in lessons from MOVEit hack
A ransomware attack affecting some of the U.K.’s largest corporations has highlighted once again how exposed organizations can be if the levels of cybersecurity used by their third parties are not as strong as expected.
SEC spring 2023 regulatory agenda: 37 rules in final stage
The rest of the year is shaping up to be busy at the Securities and Exchange Commission, where final rules regarding climate-related disclosures, enhanced cybersecurity risk governance, and more are all on the near-term agenda.
Verizon report: Lion’s share of data breaches linked to organized crime
About 83 percent of data breaches are perpetrated by external bad actors and not employees, with 70 percent of those breaches linked to organized crime groups with financial motives, according to the latest research.
KPMG report: Bank supervision, cyber among reg focus areas for rest of year
A new report by KPMG on key regulatory challenges for the second half of 2023 warned financial institutions to prepare for increased scrutiny, while all companies should expect more questions on how they oversee their cybersecurity and data management programs.
FTC orders Amazon pay $30M for alleged Alexa, Ring privacy violations
Amazon is set to pay more than $30 million comprised of a civil penalty and consumer refunds to resolve two separate cases alleging privacy violations regarding its Alexa voice assistant service and Ring doorbell subsidiary.
e-Book: New audit risk landscape: ESG, cyber, more
As companies face sustainability reporting challenges, accounting and audit firms are fielding increased requests for assistance, along with demands from investors and regulatory bodies for assurance on disclosures.
OneMain Financial fined $4.25M in NYDFS cybersecurity case
Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
FTC warns businesses to risk assess uses of biometric technologies
Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.
Ex-Uber security chief avoids prison in obstruction case
The former chief security officer of Uber Technologies was sentenced to probation by a federal court judge as punishment for his involvement in covering up a 2016 data breach that affected 57 million users.
SEC risk alert flags branch office cybersecurity controls
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.
HHS teases policy changes stemming from cyber resiliency analysis
Some U.S. hospitals are falling short in protecting themselves from cyberattacks, with 29 percent of facilities recently surveyed lacking a documented GRC system, a new report from the Department of Health and Human Services found.
How to avoid pitfalls of scaling business with generative AI
Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.
Treasury: DeFi services vulnerable to AML/CFT, cybersecurity risks
A new U.S. Treasury report concluded that decentralized finance services are being used by bad actors to launder the proceeds of illegal activity, aided by crypto platforms with weak or non-existent anti-money laundering and sanctions compliance programs.
CPE Webcast: Cyber risk management through an economic lens
How can you build a mature cyber resilience program within your business with a critical lack of technical know-how, significant budget constraints, and little to no monitoring of third-party risks?
TikTok CEO to boast data security efforts in Congress testimony
The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.
CISA pilot program seeks to bolster ransomware preparedness
The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
Web hosting company fined in DOJ cyber fraud case
Web hosting company Jelly Bean Communications Design and its manager agreed to pay $293,771 in the latest Department of Justice case holding government contractors accountable for poor cybersecurity practices.
SEC orders Blackbaud to pay $3M for misleading ransomware disclosures
Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.
HHS creates new enforcement office for health privacy
The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.
Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023
As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?
Cloud ‘not a silver bullet’ for security
A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.
‘This is where we are now’: Cyber environment calls for continuous monitoring
Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.